First Hop Redundancy Protocols (FHRPs) like HSRP, VRRP, and GLBP are critical for providing default gateway redundancy in enterprise networks. On the CCNA 200-301 exam (objective 3.8), you must understand not just how they work, but the subtle defaults that can cause unexpected behavior—especially preemption. Many candidates lose points because they assume preemption is enabled by default or that it works the same way across all FHRPs. This chapter dissects the preemption defaults for each protocol, shows you exactly how they behave, and reveals the exam traps that separate passing from failing.
Imagine a football team where the starting quarterback is the active router, and the backup quarterback is the standby router. The team has a clear pecking order: the starter plays unless he's injured. But what happens when the starter gets a minor bruise and steps out? The backup comes in. Later, the starter says, 'I'm ready to play again.' Should he automatically retake the field? If he does, the team suffers a disruption—the backup might be in the middle of a critical drive. In real football, the coach decides when to swap back, often waiting until a natural break. In FHRP terms, this is 'preemption.' HSRP and VRRP have different default behaviors: HSRP does NOT preempt by default, meaning the backup (standby) router stays active even if the original primary returns with a higher priority. VRRP, however, DOES preempt by default, so the original master will immediately take back over when it recovers. This can cause unnecessary flapping if not configured thoughtfully. The exam tests whether you know these defaults—and the trap is that many candidates assume all FHRPs behave like HSRP (no preempt) or like VRRP (preempt). Remember: HSRP is the cautious coach who avoids unnecessary swaps; VRRP is the aggressive coach who always wants the best player on the field.
What is Preemption in FHRPs?
Preemption is the mechanism by which a router with a higher priority can take over the active (or master) role from a currently active router with a lower priority. In the context of First Hop Redundancy Protocols (HSRP, VRRP, GLBP), preemption determines whether a router that was previously the active router but lost the role (due to failure or manual priority change) can reclaim the role when it comes back online with a higher priority.
Without preemption, once a router becomes active, it remains active until it fails, regardless of priority changes. This is the default behavior for HSRP and GLBP. With preemption enabled, a higher-priority router can force a role change, which is the default behavior for VRRP.
Why Preemption Matters
Consider a network with two routers: R1 (priority 150) and R2 (priority 100). R1 is the active HSRP router. If R1 fails, R2 becomes active. When R1 recovers, it has priority 150, higher than R2's 100. Without preemption, R1 will not automatically become active again—R2 remains active. This might be desirable to avoid unnecessary traffic disruption. With preemption, R1 would immediately take over, causing a brief outage as the new active router sends gratuitous ARPs and updates the MAC address table.
HSRP Preemption Defaults
In HSRP, preemption is DISABLED by default. This is a critical exam point. The default configuration for an HSRP group does not include the preempt command. Therefore, even if you set a higher priority on a router, it will not become active unless the current active router fails.
To enable preemption in HSRP, you add the preempt keyword under the interface configuration:
interface GigabitEthernet0/1
 standby 1 ip 192.168.1.1
 standby 1 priority 150
 standby 1 preempt
When preemption is enabled, the router with the highest priority will become active after a brief delay (default 0 seconds). You can optionally configure a delay using standby <group> preempt delay <seconds> to give the network time to stabilize.
VRRP Preemption Defaults
VRRP has preemption ENABLED by default. This is a key difference from HSRP and a common exam trap. In VRRP, the router with the highest priority will always be the master, and it will preempt any lower-priority master that is currently active.
To disable preemption in VRRP, you use the no preempt command under the VRRP configuration:
interface GigabitEthernet0/1
 vrrp 1 ip 192.168.1.1
 vrrp 1 priority 150
 no vrrp 1 preempt
Note: In VRRP, the priority command is used to set the priority (default 100), and preempt is enabled by default. Some IOS versions use vrrp 1 preempt to enable, but the default is enabled. Always check the running config.
GLBP Preemption Defaults
GLBP (Gateway Load Balancing Protocol) also has preemption DISABLED by default for both the AVF (Active Virtual Forwarder) and AVG (Active Virtual Gateway) roles. GLBP uses a weighting system and preemption can be enabled with the preempt command under the GLBP configuration.
interface GigabitEthernet0/1
 glbp 1 ip 192.168.1.1
 glbp 1 priority 150
 glbp 1 preempt
GLBP preemption is similar to HSRP in that it is off by default. However, GLBP also has a weighting mechanism that can affect which router is AVF; preemption based on weight is separate.
Verification Commands
To check preemption status, use the following show commands:
HSRP:
show standby
Example output:
GigabitEthernet0/1 - Group 1
State is Active
2 state changes, last state change 00:00:15
Virtual IP address is 192.168.1.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.536 secs
Preemption enabled
Active router is local
Standby router is 192.168.1.3, priority 100 (expires in 8.544 sec)
Priority 150 (configured 150)
Group name is "hsrp-Gi0/1-1" (default)
Look for "Preemption enabled" or "Preemption disabled".
VRRP:
show vrrp
Example output:
GigabitEthernet0/1 - Group 1
State is Master
Virtual IP address is 192.168.1.1
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.1.2 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
Look for "Preemption enabled" or "Preemption disabled".
GLBP:
show glbp
Example output:
GigabitEthernet0/1 - Group 1
State is Active
1 state change, last state change 00:00:20
Virtual IP address is 192.168.1.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.536 secs
Preemption enabled
Active is local
Standby is 192.168.1.3, priority 100 (expires in 8.544 sec)
Priority 150 (configured 150)
Weighting 100 (configured 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group name is "glbp-Gi0/1-1" (default)
Interaction with Priority and Timers
Preemption works hand-in-hand with priority. The router with the highest priority becomes active (or master) when preemption is enabled. If priorities are equal, the router with the highest IP address becomes active (a tiebreaker).
Timers also play a role: when a router with higher priority comes up, it waits for the hello and hold timers to expire before taking over. The preemption delay can be configured to wait additional time.
Exam Trap: Default Preemption States
The most common exam trap is assuming that all FHRPs have the same default preemption behavior. Remember:
HSRP: preemption disabled by default
VRRP: preemption enabled by default
GLBP: preemption disabled by default
Another trap: some candidates think that setting a higher priority automatically causes preemption. It does not—preemption must be explicitly enabled (except in VRRP).
Also, note that in VRRP, if you disable preemption, the current master remains master even if a higher-priority router appears. This can be useful to prevent flapping.
Identify FHRP Type
First, determine which FHRP is in use: HSRP, VRRP, or GLBP. This is critical because preemption defaults differ. On the exam, the question may specify the protocol. In real networks, check the running config. For HSRP, look for `standby` commands; for VRRP, look for `vrrp` commands; for GLBP, look for `glbp` commands. If the protocol is not stated, assume the scenario uses HSRP (most common on CCNA).
Check Preemption Status
Use the appropriate show command to verify whether preemption is enabled or disabled. For HSRP: `show standby`. For VRRP: `show vrrp`. For GLBP: `show glbp`. Look for the line that says "Preemption enabled" or "Preemption disabled". If the command output is not provided, remember the default: HSRP and GLBP disable preemption; VRRP enables it.
Analyze Priority Values
Determine the priority of each router. Priority values range from 0 to 255 (HSRP default 100, VRRP default 100, GLBP default 100). The router with the highest priority becomes active (or master) when preemption is enabled. If priorities are equal, the highest IP address wins. Without preemption, the current active router stays active regardless of priority.
Simulate a Failure and Recovery
Consider what happens when the active router fails and then recovers. Without preemption, the standby router becomes active and remains active even after the original router recovers with a higher priority. With preemption, the recovered router will take over after a brief delay (hello/hold timers). This can cause a brief outage as ARP caches update.
Configure Preemption (if needed)
To enable preemption in HSRP, add the `preempt` keyword to the standby group: `standby <group> preempt`. For VRRP, preemption is on by default; to disable, use `no preempt` under the VRRP configuration. For GLBP, use `glbp <group> preempt`. Optionally, add a delay: `standby <group> preempt delay <seconds>` to wait before preempting.
Verify with Show Commands
After configuration, re-run the show commands to confirm preemption status. Also check the state: the router with higher priority should be active (or master) if preemption is enabled. Use `show standby brief` for a quick summary of HSRP groups. For VRRP, `show vrrp brief`. For GLBP, `show glbp brief`.
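The steps above, worked through in Python as an added example (not code from the original chapter): it reads constructed interface configs, applies the defaults and highest-IP tiebreak as this chapter states them, and reports which router holds the active or master role after the primary fails and recovers. The function names, the sample configs and the one-group-per-router simplification are assumptions of the example.

```python
import re
from ipaddress import ip_address

# Defaults as stated in this chapter: priority 100 for all three protocols;
# preemption off for HSRP and GLBP, on for VRRP.
KEYWORD = {"standby": "HSRP", "vrrp": "VRRP", "glbp": "GLBP"}
DEFAULT_PREEMPT = {"HSRP": False, "VRRP": True, "GLBP": False}
GROUP = re.compile(r"\s*(no\s+)?(standby|vrrp|glbp)\s+\d+(?:\s+(priority|preempt)\b\s*(\d*))?")
ADDR = re.compile(r"\s*ip address (\S+)")

def parse_router(name, config):
    """Effective FHRP settings of one router (assumes a single group per router)."""
    r = {"name": name, "ip": None, "proto": None, "priority": 100, "preempt": None}
    for raw in config.splitlines():
        addr = ADDR.match(raw)
        if addr:
            r["ip"] = ip_address(addr.group(1))
        m = GROUP.match(raw)
        if not m:
            continue
        negated, kw, cmd, arg = m.groups()
        if r["proto"] is None:  # step 1: the keyword identifies the protocol
            r["proto"] = KEYWORD[kw]
            r["preempt"] = DEFAULT_PREEMPT[r["proto"]]  # implicit default
        if cmd == "priority":
            r["priority"] = 100 if negated else int(arg)
        elif cmd == "preempt":  # an explicit line overrides the default
            r["preempt"] = not negated
    return r

def holder_after_recovery(primary, backup):
    """Primary failed, backup took the role, primary returns: who holds it now?"""
    def rank(r):
        return (r["priority"], r["ip"])  # highest IP breaks a priority tie
    if primary["preempt"] and rank(primary) > rank(backup):
        return primary["name"]
    return backup["name"]

# Constructed sample configs (not taken from a real device).
R1_HSRP = """interface GigabitEthernet0/1
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.1
 standby 1 priority 150
"""
R2_HSRP = """interface GigabitEthernet0/1
 ip address 192.168.1.3 255.255.255.0
 standby 1 ip 192.168.1.1
"""
R1_VRRP, R2_VRRP = (c.replace("standby", "vrrp") for c in (R1_HSRP, R2_HSRP))

def demo():
    cases = {"HSRP": (R1_HSRP, R2_HSRP), "VRRP": (R1_VRRP, R2_VRRP),
             "HSRP+preempt": (R1_HSRP + " standby 1 preempt\n", R2_HSRP)}
    return {k: holder_after_recovery(parse_router("R1", a), parse_router("R2", b))
            for k, (a, b) in cases.items()}

if __name__ == "__main__":
    print(demo())
```

The same priorities give opposite outcomes for HSRP and VRRP purely because of the implicit default, which is why an audit of FHRP configs should record the effective preemption state rather than only the lines present.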
In enterprise networks, FHRP preemption is a critical design decision. Consider a data center with two core switches running HSRP for default gateway redundancy. The primary switch has priority 150, the secondary has priority 100. Preemption is disabled by design. Why? Because if the primary switch fails and then recovers, it will not automatically reclaim the active role. This prevents a double failover event: the network already converged with the secondary as active; forcing a switch back could cause a brief outage as the MAC address table updates and ARP caches expire. In many production environments, stability is preferred over always having the highest-priority router active.
However, consider a scenario where the primary router has significantly more bandwidth or better hardware. In that case, enabling preemption ensures that the superior router is always active. For example, a branch office with a primary MPLS link and a backup LTE router. The primary router has priority 200, the backup 100. With preemption enabled, if the primary goes down and comes back, it will resume being the active gateway, ensuring optimal performance.
Another common deployment is in campus networks with GLBP. GLBP allows load balancing across multiple routers. Preemption is typically disabled to avoid constant role changes. But if you have a router with a higher weight (for GLBP AVF election), you might enable preemption based on weight to ensure that a more capable router handles more traffic.
Misconfiguration can cause flapping. For example, if VRRP is used with default preemption enabled and both routers have the same priority (100), the router with the higher IP becomes master. If that router fails and recovers, it will preempt the other, causing a brief outage. If this happens frequently, the network may experience instability. To avoid this, network engineers often disable preemption on VRRP or use a preemption delay.
Scale considerations: In large networks with many VLANs and HSRP groups, preemption delay is crucial. Without a delay, when a router reloads, it may try to become active for all groups simultaneously, causing a CPU spike and potential packet loss. A delay of 30-60 seconds is common to allow routing protocols to converge first.
Performance: Preemption itself has minimal overhead, but the resulting state change triggers gratuitous ARP, which can impact switches and hosts. In networks with thousands of hosts, a single preemption event can cause a burst of ARP traffic.
On the CCNA 200-301 exam, objective 3.8 covers "Configure and verify first-hop redundancy protocols." The exam specifically tests your knowledge of preemption defaults and behaviors. Here are the most common traps:
Trap 1: Assuming HSRP preempts by default. Many candidates think that because VRRP preempts by default, HSRP does too. Wrong. HSRP requires the preempt command. The exam may show a configuration without preempt and ask if the router will become active when it recovers with a higher priority. The answer is no.
Trap 2: Confusing VRRP and HSRP defaults. The exam loves to contrast these two. Remember: VRRP preempts by default, HSRP does not. Also, VRRP uses the term "master" while HSRP uses "active."
Trap 3: Thinking priority alone causes preemption. Priority determines which router becomes active when preemption is enabled, but without preemption, the current active router stays active regardless of priority.
Trap 4: Forgetting GLBP preemption is off by default. GLBP is less common on the exam, but it may appear. Remember it behaves like HSRP: preemption disabled.
Decision rule for scenario questions: When given a scenario with two routers and asked whether the recovered router will become active, first identify the FHRP. If HSRP or GLBP, check if preempt is configured. If not, the recovered router remains standby. If VRRP, check if no preempt is configured; if not, the recovered router will preempt.
Exam values to memorize:
- HSRP default priority: 100
- VRRP default priority: 100
- GLBP default priority: 100
- HSRP preemption: disabled
- VRRP preemption: enabled
- GLBP preemption: disabled
Command outputs: You may be shown show standby output and asked to determine if preemption is enabled. Look for the word "Preemption" followed by "enabled" or "disabled."
Calculation traps: None directly, but understand that when priorities are equal, the highest IP address wins. This is a common tiebreaker question.
HSRP preemption is DISABLED by default; must configure 'standby <group> preempt' to enable.
VRRP preemption is ENABLED by default; use 'no preempt' to disable.
GLBP preemption is DISABLED by default; use 'glbp <group> preempt' to enable.
Preemption allows a higher-priority router to take over the active role from a lower-priority router.
Without preemption, the current active router remains active until it fails, regardless of priority.
When priorities are equal, the router with the highest IP address becomes active (or master).
Preemption delay can be configured to prevent rapid flapping and allow network convergence.
These come up on the exam all the time. Here's how to tell them apart.
HSRP
Preemption disabled by default
Uses the terms 'active' and 'standby'
Multicast address 224.0.0.2 (v1) or 224.0.0.102 (v2)
Virtual MAC: 0000.0c07.acXX
Hello time 3 sec, hold time 10 sec (default)
VRRP
Preemption enabled by default
Uses the terms 'master' and 'backup'
Multicast address 224.0.0.18
Virtual MAC: 0000.5e00.01XX
Advertisement interval 1 sec, master down interval 3 sec (default)
Mistake
HSRP preempts by default when you set a higher priority.
Correct
HSRP does not preempt by default. You must explicitly configure the 'preempt' command under the standby group. Priority alone does not trigger preemption.
Candidates often confuse priority with preemption; priority determines who becomes active if preemption is enabled, but preemption itself is a separate setting.
Mistake
VRRP and HSRP have the same default preemption behavior.
Correct
VRRP has preemption enabled by default, while HSRP has it disabled. This is a key difference tested on the exam.
Both protocols serve similar purposes, so candidates assume they behave identically, but Cisco made different design choices.
Mistake
GLBP preemption is enabled by default.
Correct
GLBP preemption is disabled by default, similar to HSRP. You must configure 'glbp <group> preempt' to enable it.
GLBP is less commonly studied, and candidates may extrapolate from VRRP or assume all FHRPs preempt by default.
Mistake
Disabling preemption prevents any role changes after initial election.
Correct
Disabling preemption prevents a higher-priority router from taking over, but role changes still occur if the active router fails. The standby router will become active, but it will not give up the role when the original router recovers.
Candidates may think 'no preempt' means the active role is static, but failover still happens on failure.
The default preemption setting for HSRP is disabled. This means that even if a router with a higher priority comes online, it will not automatically take over the active role from the current active router. To enable preemption, you must add the 'preempt' keyword to the standby group configuration. This is a common exam trap because many candidates assume preemption is enabled by default.
Yes, VRRP has preemption enabled by default. This is a key difference from HSRP. In VRRP, the router with the highest priority will always be the master, and if a higher-priority router appears, it will preempt the current master. To disable this behavior, you use the 'no preempt' command under the VRRP configuration. Be careful on the exam: some questions may assume you know this default.
To enable preemption in GLBP, use the command 'glbp <group> preempt' on the interface. GLBP preemption is disabled by default, similar to HSRP. Once enabled, the router with the highest priority will become the Active Virtual Gateway (AVG) and can also affect the Active Virtual Forwarder (AVF) election if weighting preemption is also configured.
If you set a higher priority on a router but do not enable preemption, the router will not automatically become active. The current active router (with lower priority) will remain active until it fails. Priority only affects the election when preemption is enabled or during the initial election. This is a common misconception—priority alone does not trigger a role change.
Yes, you can configure a preemption delay in HSRP, VRRP, and GLBP. For HSRP, use 'standby <group> preempt delay <seconds>'. For VRRP, some IOS versions support 'vrrp <group> preempt delay <seconds>'. For GLBP, use 'glbp <group> preempt delay <seconds>'. The delay allows the network to stabilize (e.g., routing protocols to converge) before the router takes over the active role.
Preemption can cause network instability if not configured carefully. When a router preempts, it sends gratuitous ARP messages to update the MAC address table, which can cause a brief traffic interruption. If preemption occurs frequently (e.g., due to flapping interfaces), it can lead to packet loss and ARP cache churn. In stable networks, preemption is often disabled or delayed to avoid unnecessary disruptions.
When priorities are equal and preemption is enabled, the router with the highest IP address on the interface becomes the active (or master) router. This applies to HSRP, VRRP, and GLBP. This is a common exam question—remember that IP address is the tiebreaker, not MAC address or router name.